Newsletter Signup

At Kinzy London, every piece tells a story, and yours begins here.

Privacy Policy

 

Introduction

Welcome to MyKinzy Ltd’s Privacy Policy.

At MyKinzy Ltd, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with us whether as a client, supplier, or employee.

We understand that your privacy is important, and we handle all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of UK data protection law, MyKinzy Ltd is the “Data Controller” responsible for deciding how and why your personal data is processed.

By using our services, website, or communicating with us, you acknowledge that you have read and understood this Privacy Policy.

 

Collection of Personal Information

We collect and use certain personal information about our clients, suppliers, and employees to carry out our business activities and meet legal, contractual, and administrative obligations.

This policy describes:

What information we collect.

How and why we collect it.

How we store, use, and share it; and

How we protect your rights under UK data protection law.

 

Why This Policy Exists

 

This Privacy Policy ensures that MyKinzy Ltd:

Complies with data protection law and follows good practice.

Protects the rights of clients, suppliers, and employees.

Is open and transparent about how it stores and processes individuals’ data; and
Protects itself from the risks of data breaches or misuse.

It helps individuals by ensuring their personal data is handled lawfully, fairly, and transparently, and helps the company maintain compliance with the UK GDPR and Data Protection Act 2018.

 

Scope of the Policy

 

This policy applies to:

All employees and contractors of MyKinzy Ltd.

All clients, suppliers, and business partners whose data we process; and
All systems, processes, and activities that involve personal data.

It covers data stored electronically, in cloud systems, or in structured paper-based filing systems.

 

Data Protection Law – GDPR

 

Under the UK GDPR, personal data must be:

Processed lawfully, fairly, and transparently.

Collected only for specific, explicit, and legitimate purposes.

Adequate, relevant, and limited to what is necessary.

Accurate and kept up to date.

Kept only as long as necessary; and
Processed securely.

 

Personal data means any information that can directly or indirectly identify an individual, including identifiers such as name, email address, identification number, bank details, IP address, or location data.

 

What We Collect

 

We may collect and process the following types of personal data:

Contact Data: Name, email address, telephone number, postal address.

Other Identifier Data: Date of birth, national insurance number, employee ID, or other unique identifiers.

Transaction Data: Details about payments, invoices, or services purchased or provided.

Technical Data: IP address, browser type, operating system, and other technology used to access our website.

Connection Data: Collected through tools such as Google Analytics (e.g., browsing behaviour, referral URLs, and session durations).

Location Data: General location of your device or network connection.

Usage Data: Information on how you use our website, products, and services.

Communications Data: Communication preferences, correspondence records, and feedback.

 

Lawful Basis for Processing

 

We rely on the following lawful bases for processing personal data under Article 6 of the UK GDPR:

 

Consent – where you have given us clear consent for a specific purpose.

Contract – where processing is necessary for a contract or pre-contractual steps.

Legal obligation – where processing is required by law.

Legitimate interests – where processing is necessary for our business interests, provided they do not override your rights and freedoms.

Vital interests – where processing is necessary to protect someone’s life.

 

How and Why We Use/Share Your Information

 

We process your data for specific lawful purposes, including:

 

Providing products or services (Contract)

Managing supplier and employee information (Legal obligation)

Communications and updates (Legitimate interest or consent)

Financial transactions (Contract and legal obligation)

Website analytics (Legitimate interest or consent where required)

Security and fraud prevention (Legal obligation)

 

Sharing Your Information

 

We will only share your information when necessary and in accordance with UK data protection law.

 

We may share data with:

TakePayments – for secure card payments and financial transactions.

Calendly – to manage appointments and bookings.

Cloud and IT service providers – for secure hosting, backup, and email services.

Professional advisers – including lawyers, auditors, and accountants.

Regulatory authorities or law enforcement agencies – where required by law.

Payment processors and banks (TakePayments) – for secure transactions.

Analytics and marketing platforms – such as Google Analytics, using anonymised or pseudonymised data where possible.

 

All third-party providers who process data on our behalf are required to sign data processing agreements ensuring confidentiality and compliance with the UK GDPR.

 

Data Minimisation and Accuracy

 

We only collect and retain personal data that is relevant, adequate, and limited to what is necessary.

We take reasonable steps to ensure that the personal data we hold is accurate and kept up to date.

 

Data Security

 

We use encryption, secure servers, access controls, and regular staff training to protect your personal data.

We maintain data breach response procedures in line with UK GDPR requirements.

In the event of a data breach, MyKinzy Ltd will assess the risk to individuals’ rights and freedoms and, where necessary, notify the Information Commissioner’s Office (ICO) within 72 hours. If a breach poses a high risk to individuals, affected persons will be notified without undue delay.

 

International Data Transfers

 

Some of our service providers (such as Calendly) may operate outside the UK.
Some analytics providers, payment processors, and marketing platforms (such as Google Analytics, Hotjar, Stripe, PayPal, and social media platforms) may also process personal data outside the UK.

 

Where this occurs, we ensure that appropriate safeguards — such as the UK International Data Transfer Agreement (IDTA) or other approved mechanisms — are in place to protect your data.

 

Data Retention

 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or reporting requirements.

The specific retention period depends on the type of data and the purpose for which it was collected, including legal, accounting, tax, and regulatory requirements.

 

Cookies and Tracking Technologies

 

Our website uses cookies and similar technologies to enhance your experience and analyse website usage.

You can control or disable cookies via your browser settings. For more details, please refer to our Cookie Policy.

WordPress: WordPress is used to log in, save settings, make any changes to the website, and keep a consistent experience from page to page.

WooCommerce: WooCommerce is an open-source e-commerce plugin built on WordPress. Using this allows the user to buy and shop online. It is primarily used by small to large-sized online merchants using WordPress.

PayPal: PayPal is an online payment system used to allow users to make safe and secure online payments between parties.

Stripe: Stripe is used to allow users to make safe and secure online payments between parties.

Google Analytics: Google Analytics is used to track website performance and collect visitor insight.

Hotjar: Hotjar gives heatmaps and records anonymized user analytics data to help improve the experience of the website.

 

Non-essential third-party marketing cookies:

 

Facebook: Facebook is a social media platform that retargets adverts while on other platforms. This also is the same for Instagram and WhatsApp as these platforms are both owned by Facebook.

Twitter: Twitter is a social media platform and microblogging software that retargets adverts while on other platforms.

LinkedIn: LinkedIn is a platform for professional networking and career development that retargets adverts while on other platforms.

Bing: Bing is a web search engine owned and operated by Microsoft, which may be being used to support and display this website if you are using this search engine.

 

Some cookies are strictly necessary for the operation of our website and do not require consent. Non-essential cookies, including analytics and marketing cookies, are only placed on your device where you have provided your consent via our cookie banner.

 

You may withdraw or manage your cookie preferences at any time through our cookie settings tool or your browser settings.

 

Marketing and Communications

 

We may use your contact information to send updates or marketing communications if you have consented to receive them.

We will only send marketing communications where permitted under applicable law, including where you have provided consent or where we are permitted to do so under the “soft opt-in” provisions of PECR.

You can withdraw consent or opt out at any time by following the unsubscribe link in our emails or contacting us directly.

 

Automated Decision-Making and Profiling

 

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.

 

Children’s Data

 

We do not knowingly collect or process personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately to arrange for deletion.

 

Your Data Protection Rights

 

Under the UK GDPR, you have the following rights:

Right to access your data

Right to rectification

Right to erasure (“right to be forgotten”)

Right to restrict processing

Right to data portability

Right to object to processing

Right to withdraw consent at any time

 

To exercise any of these rights, please contact us using the details below.
We may need to verify your identity before responding and will do so within one month of receipt.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data lawfully: https://www.ico.org.uk

 

Links to Other Websites

 

Our website may contain links to external websites.
We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any external sites you visit.

 

Record Keeping and Accountability

 

MyKinzy Ltd maintains detailed records of all data processing activities, including the purposes, categories of data, and retention periods.

We regularly review our data protection practices to ensure ongoing compliance with legal requirements.

 

Employee and Internal Data Handling

 

Personal data of employees is processed strictly for employment, payroll, and legal compliance purposes.
Access is limited to authorised personnel only, and all staff receive regular training on data protection best practices.

 

Changes to This Policy

 

We may update this policy periodically to reflect legal or business changes.
The latest version will always be available on our website, and we will notify you of any significant updates.

 

Contact and Complaints

 

Data Protection Contact:
MyKinzy Ltd
7 Greville Street,
London, EC1N 8PQ
Email: contact@kinzylondon.com
Telephone: 020 7209 8737

If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO) at https://www.ico.org.uk.